This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla First view 2009-07-30
Product Nss Last view 2021-05-27
Version 3.3.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mozilla:nss

Activity : Overall

Related : CVE

  Date Alert Description
9.1 2021-05-27 CVE-2020-12403

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

7.5 2019-11-15 CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

5.8 2009-11-09 CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

5.1 2009-07-30 CVE-2009-2409

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

6.8 2009-07-30 CVE-2009-2408

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-310 Cryptographic Issues
20% (1) CWE-476 NULL Pointer Dereference
20% (1) CWE-125 Out-of-bounds Read
20% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66315 HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection
65202 OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection
64725 HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte...
64499 ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte...
64040 IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62877 SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje...
62536 Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62273 Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62210 Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In...
62135 Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D...
62064 IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection
61929 IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ...
61785 Avaya Products Multiple Product TLS Renegotiation Handshakes MiTM Plaintext D...
61784 Sun Java System Multiple Product TLS Renegotiation Handshakes MiTM Plaintext ...
61718 IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Inje...

ExploitDB Exploits

id Description
10579 TLS Renegotiation Vulnerability PoC Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-22 (nginx)
File : nvt/glsa_201203_22.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-05 (gnutls)
File : nvt/glsa_201110_05.nasl
2011-11-03 Name : Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2011_162.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386
File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos3 i386
File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos5 i386
File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1580 centos4 i386
File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2009:1584 centos5 i386
File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2010:0054 centos5 i386
File : nvt/gb_CESA-2010_0054_openssl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2010:0162 centos5 i386
File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssl097a CESA-2010:0164 centos5 i386
File : nvt/gb_CESA-2010_0164_openssl097a_centos5_i386.nasl
2011-08-09 Name : CentOS Update for nspr CESA-2010:0165 centos5 i386
File : nvt/gb_CESA-2010_0165_nspr_centos5_i386.nasl
2011-08-09 Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386
File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2010:0339 centos5 i386
File : nvt/gb_CESA-2010_0339_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2010:0768 centos5 i386
File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201006_18.nasl
2011-03-07 Name : Debian Security Advisory DSA 2161-2 (openjdk-6)
File : nvt/deb_2161_2.nasl
2011-01-04 Name : HP-UX Update for Java HPSBUX02608
File : nvt/gb_hp_ux_HPSBUX02608.nasl
2010-12-02 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312
File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl
2010-11-23 Name : Fedora Update for openssl FEDORA-2010-17826
File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl
2010-11-16 Name : Fedora Update for nss FEDORA-2010-15989
File : nvt/gb_fedora_2010_15989_nss_fc12.nasl
2010-11-16 Name : Fedora Update for proftpd FEDORA-2010-17220
File : nvt/gb_fedora_2010_17220_proftpd_fc12.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote web server is affected by multiple vulnerabilities.
File: nginx_0_7_64.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote host is affected by a MITM vulnerability.
File: fortios_FG-IR-17-137.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1084.nasl - Type: ACT_GATHER_INFO
2017-01-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-46.nasl - Type: ACT_GATHER_INFO
2017-01-05 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3163-1.nasl - Type: ACT_GATHER_INFO
2016-12-16 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-774.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3105-1.nasl - Type: ACT_GATHER_INFO
2016-12-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3080-1.nasl - Type: ACT_GATHER_INFO
2016-12-06 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-3014-1.nasl - Type: ACT_GATHER_INFO
2016-11-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161116_nss_and_nss_util_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2779.nasl - Type: ACT_GATHER_INFO
2016-11-17 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-2779.nasl - Type: ACT_GATHER_INFO
2016-11-16 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2779.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0001_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0015_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0019_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-01-25 Name: The remote Debian host is missing a security update.
File: debian_DLA-400.nasl - Type: ACT_GATHER_INFO
2015-05-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3253.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_php_20140401.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_php_20140522.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_ruby_20130924.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2014-0007.nasl - Type: ACT_GATHER_INFO